Advisory Command
Synopsis
dnf5 advisory <subcommand> [options] [<advisory-spec>...]
Description
The advisory command in DNF5 offers several queries for getting information about
advisories and packages related to them.
Optional advisory-spec arguments could be passed to filter only advisories with given names.
Note
The updateinfo command is available as a compatibility alias for advisory.
For example, dnf5 updateinfo list is equivalent to dnf5 advisory list.
Subcommands
list- List advisories matching the specified criteria.Displays a table with the following columns: Name (advisory ID), Type, Severity, Package (NEVRA), and Issued (date).When
--with-bzor--with-cveis specified, the first column shows the Bugzilla or CVE reference ID instead of the advisory name.Installed advisory packages are highlighted in green. info- Print detailed information about advisories.For each matching advisory, displays: Name, Title, Severity, Type, Status, Vendor, Issued date, Description, Message, Rights, References (with Title, Id, Type, and URL), and affected packages/modules organized by collection.
summary- Print a summary count of advisories by type and severity.Displays a hierarchical summary showing the number of advisories in each category:Security (with subcategories: Critical, Important, Moderate, Low, Other), Bugfix, Enhancement, and Other.The output header indicates the filter mode: Available (default), All, Installed, or Updates.
Options
--all- Show advisories containing any version of installed packages.
--available- Show advisories containing newer versions of installed packages. This is the default behavior.
--installed- Show advisories containing equal and older versions of installed packages.
--updates- Show advisories containing newer versions of installed packages for which a newer version is available.
--contains-pkgs=PACKAGE_NAME,...- Show only advisories containing packages with specified names.This is a list option.Only installed packages are matched. Globs are supported.
--security- Include content contained in security advisories.
--bugfix- Include content contained in bugfix advisories.
--enhancement- Include content contained in enhancement advisories.
--newpackage- Include content contained in newpackage advisories.
--advisory-severities=ADVISORY_SEVERITY,...- Include content contained in advisories with specified severity.This is a list option.Accepted values are: critical, important, moderate, low, none.
--bzs=BUGZILLA_ID,...- Include content contained in advisories that fix a ticket of the given Bugzilla ID.This is a list option.Expected values are numeric IDs, e.g. 123123.Any transaction command (install, upgrade) will fail with an error if there is no advisory fixing the given ticket; this can be bypassed by using the –skip-unavailable switch.
--cves=CVE_ID,...- Include content contained in advisories that fix a ticket of the given CVE (Common Vulnerabilities and Exposures) ID.This is a list option.Expected values are string IDs in CVE format, e.g. CVE-2201-0123.Any transaction command (install, upgrade) will fail with an error if there is no advisory fixing the given ticket; this can be bypassed by using the –skip-unavailable switch.
--with-bz- Show only advisories referencing a Bugzilla ticket.
--with-cve- Show only advisories referencing a CVE ticket.
--json- Request JSON output format for machine-readable results.Available for
listandinfosubcommands only.
Examples
dnf5 advisory info FEDORA-2022-07aa56297a- Show detailed info about advisory with given name.
dnf5 advisory summary --contains-pkgs=kernel,kernel-core --with-bz- Show a summary of advisories containing
kernelorkernel-corepackages and referencing any Bugzilla ticket. dnf5 advisory list --security --advisory-severities=important- Show a list of security advisories or advisories with
importantseverity. dnf5 advisory list --json- List all advisories in JSON format for programmatic processing.
dnf5 advisory list --json --with-cve- List advisories with CVE references in JSON format (extended format).
dnf5 advisory info FEDORA-2022-07aa56297a --json- Show detailed info about advisory in JSON format.
JSON Output
dnf5 advisory list --json
The command returns a JSON array, each element describing one advisory.
Basic format (without --with-cve or --with-bz):
name(string) - Advisory identifier.
type(string) - Advisory type (security, bugfix, enhancement).
severity(string) - Advisory severity level.
nevra(string) - Package name-epoch:version-release.architecture.
buildtime(integer) - Advisory build time, UNIX time.
Extended format (with --with-cve or --with-bz):
advisory_name(string) - Advisory identifier.
advisory_type(string) - Advisory type (security, bugfix, enhancement).
advisory_severity(string) - Advisory severity level.
advisory_buildtime(integer) - Advisory build time, UNIX time.
nevra(string) - Package name-epoch:version-release.architecture.
references(array) - List of references (CVE/Bugzilla). Each reference contains:
reference_id(string) - Reference identifier (e.g., CVE-2024-1234).
reference_type(string) - Reference type (cve or bugzilla).
dnf5 advisory info --json
The command returns a JSON array, each element containing detailed advisory information. Each advisory object contains the following fields:
Name(string) - Advisory name/identifier.Title(string) - Advisory title.Type(string) - Advisory type (security, bugfix, enhancement).Severity(string) - Advisory severity level.Status(string) - Advisory status.Vendor(string) - Advisory vendor.Issued(integer) - Advisory issue time, UNIX time.Description(string) - Detailed advisory description.Message(string) - Advisory message.Rights(string) - Advisory rights/copyright information.references(array) - List of references (CVE, Bugzilla, etc.). Each reference contains:Title(string) - Reference title.Id(string) - Reference identifier (e.g., CVE-2024-1234).Type(string) - Reference type (cve, bugzilla, etc.).Url(string) - Reference URL.
collections(object) - Package and module collections affected by the advisory:packages(array) - List of affected package NEVRAs (only present if packages exist).modules(array) - List of affected module NSVCAs (only present if modules exist).
For empty results:
dnf5 advisory list --jsonreturns[](empty array).dnf5 advisory info --jsonreturns[](empty array).